Help with Influx db queries about firewall and IP info

cuteliquid11 · Dec 24, 2023, 4:07 AM

Hi guys,

Does anyone know why I’m not able to find queries about: public IP, LAN IP, firewall events?

I have a working influx db 2.0 server with telegraf and Pfsense telegraf module, all works and sends data to Grafana.

Any advice how to collect the above?

Thanks!

kiokoman · Dec 24, 2023, 2:31 PM

@cuteliquid11
all the information are available using SNMP

take a look at [[inputs.snmp]]

[[inputs.snmp]]
  agents = ["udp://127.0.0.1:161"]
  path = ["/usr/local/share/snmp/mibs"]
  timeout = "5s"
  community = "default"
  retries = 3
  max_repetitions = 10
  agent_host_tag = "agent_host"

[[inputs.snmp.field]]
    oid = "RFC1213-MIB::sysUpTime.0"
    name = "sysUptime"
    conversion = "float(2)"

  [[inputs.snmp.field]]
    oid = "RFC1213-MIB::sysName.0"
    name = "sysName"
    is_tag = true

  [[inputs.snmp.table]]
    oid = "IF-MIB::ifTable"
    name = "interface"
    inherit_tags = ["sysName"]

  [[inputs.snmp.table.field]]
    oid = "IF-MIB::ifDescr"
    name = "ifDescr"
    is_tag = true

 [[inputs.snmp.table]]
    oid = "IP-MIB::ipAddrTable"
    name = "IpAddressTable"

https://github.com/influxdata/telegraf/blob/master/plugins/inputs/snmp/README.md

as of how to make this information usefull for grafana is another task
let us know if you find how to do it
i can get the address but i was unable to find a way to associate the address to an interface
i never had the time or will, too much hassle to find a solution...
i think you need to join some tables... i suppose

[23.09.1-RELEASE][root@pfSense.kiokoman.home]/root: snmpwalk -v2c -c default 127.0.0.1 IF-MIB::ifName
IF-MIB::ifName.1 = STRING: vmx0
IF-MIB::ifName.2 = STRING: vmx1
IF-MIB::ifName.3 = STRING: enc0
IF-MIB::ifName.4 = STRING: lo0
IF-MIB::ifName.5 = STRING: pflog0
IF-MIB::ifName.6 = STRING: pfsync0
IF-MIB::ifName.7 = STRING: vmx0.30
IF-MIB::ifName.8 = STRING: vmx0.100
IF-MIB::ifName.9 = STRING: vmx1.100
IF-MIB::ifName.10 = STRING: vmx0.150
IF-MIB::ifName.11 = STRING: vmx0.35
IF-MIB::ifName.12 = STRING: ovpns1
IF-MIB::ifName.13 = STRING: gif0
[23.09.1-RELEASE][root@pfSense.kiokoman.home]/root: snmpwalk -v2c -c default 127.0.0.1 IP-MIB::ipAdEntAddr
IP-MIB::ipAdEntAddr.0.0.0.0 = IpAddress: 0.0.0.0
IP-MIB::ipAdEntAddr.10.0.8.1 = IpAddress: 10.0.8.1
IP-MIB::ipAdEntAddr.x.x.x.x = IpAddress: x.x.x.x
IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
IP-MIB::ipAdEntAddr.172.17.0.254 = IpAddress: 172.17.0.254
IP-MIB::ipAdEntAddr.192.168.2.2 = IpAddress: 192.168.2.2
IP-MIB::ipAdEntAddr.192.168.10.254 = IpAddress: 192.168.10.254
IP-MIB::ipAdEntAddr.192.168.15.254 = IpAddress: 192.168.15.254
IP-MIB::ipAdEntAddr.192.168.30.254 = IpAddress: 192.168.30.254
IP-MIB::ipAdEntAddr.192.168.150.254 = IpAddress: 192.168.150.254
[23.09.1-RELEASE][root@pfSense.kiokoman.home]/root: snmpwalk -v2c -c default 127.0.0.1 IF-MIB::ifAlias
IF-MIB::ifAlias.1 = STRING: LAN
IF-MIB::ifAlias.2 = STRING: MODEM
IF-MIB::ifAlias.3 = STRING:
IF-MIB::ifAlias.4 = STRING:
IF-MIB::ifAlias.5 = STRING:
IF-MIB::ifAlias.6 = STRING:
IF-MIB::ifAlias.7 = STRING: WIFI
IF-MIB::ifAlias.8 = STRING: SRV
IF-MIB::ifAlias.9 = STRING: WAN
IF-MIB::ifAlias.10 = STRING: VOIP
IF-MIB::ifAlias.11 = STRING: Guest
IF-MIB::ifAlias.12 = STRING:
IF-MIB::ifAlias.13 = STRING: HENETv6

[23.09.1-RELEASE][root@pfSense.kiokoman.home]/root: snmpwalk -v2c -c default 127.0.0.1 IP-MIB::ipAdEntIfIndex
IP-MIB::ipAdEntIfIndex.0.0.0.0 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.10.0.8.1 = INTEGER: 12
IP-MIB::ipAdEntIfIndex.x.x.x.x = INTEGER: 9
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 4
IP-MIB::ipAdEntIfIndex.172.17.0.254 = INTEGER: 8
IP-MIB::ipAdEntIfIndex.192.168.2.2 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.192.168.10.254 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.15.254 = INTEGER: 11
IP-MIB::ipAdEntIfIndex.192.168.30.254 = INTEGER: 7
IP-MIB::ipAdEntIfIndex.192.168.150.254 = INTEGER: 10

cuteliquid11 · Dec 24, 2023, 8:50 PM

@kiokoman said in Help with Influx db queries about firewall and IP info:

as of how to make this information usefull for grafana is another task
let us know if you find how to do it

Thanks! As longs it will be in the database, the job is successfully done. I wasn't clear in my paragraph about my infl. db. It works ok, the pf telegraf module does send the info to infl.db and later to Grafana, but doesn't fetch info about IP's or firewall, I simply don't see those queries to build a json output.

Are you suggesting that I need to use SNMP in addition to flux? I haven't tried this yet.

kiokoman · Dec 24, 2023, 9:03 PM

@cuteliquid11
yes, you need to add [[inputs.snmp]] to "Additional configuration for Telegraf"

AFAIK ip informations are not available with the default settings

also you need to enable Services / SNMP on pfsense

cuteliquid11 · Dec 24, 2023, 9:28 PM

@kiokoman said in Help with Influx db queries about firewall and IP info:

AFAIK ip informations are not available with the default settings

I.S. Does it mean I need to use designated OID's if I want to pull those?

kiokoman · Dec 24, 2023, 9:33 PM

@cuteliquid11

IP addresses are available here

[[inputs.snmp.table]]
oid = "IP-MIB::ipAddrTable"
name = "IpAddressTable"

cuteliquid11 · Dec 24, 2023, 9:38 PM

@kiokoman
Ok, will tinker with this and update, thanks a lot.

cuteliquid11 · Dec 26, 2023, 9:04 PM

@kiokoman
Hi Kikoman,

Did you also modify your /etc/telegraf/ telegraf.conf to enable SNMP output? This is on telegraf server.

My current update.

I enabled ping monitor on a Pfsense telegraf module and I can now at least specify what host I want to ping.
When adding additional config into telegraf module with SNMP on the Pfsense, nothing happens.

kiokoman · Dec 26, 2023, 10:14 PM

@cuteliquid11
you need to enable and configure this